Managing private and public service set utilization

ABSTRACT

Methods, systems, and computer readable media may be operable to facilitate the management of connections between one or more client devices and an access point over one or more service sets. An access point may maintain a list of client devices that have successfully associated with a private service set broadcast from the access point, and when a client device from the list attempts to connect to a public service set broadcast from the access point, the access point may deny the client device&#39;s attempt to connect to the public service set. Attempts by the client device to join the public service set may be denied for a predetermined number of attempts or a predetermined period of time. Denying an attempt to connect to a public service set may provide a client device with more opportunities to connect to a private service set broadcast from a corresponding access point.

CROSS REFERENCE TO RELATED APPLICATION

This application is a non-provisional application claiming the benefitof U.S. Provisional Application Ser. No. 62/034,479, entitled “ManagingConnections to Service Sets,” which was filed on Aug. 7, 2014, and isincorporated herein by reference in its entirety.

TECHNICAL FIELD

This disclosure relates to managing private and public service setutilization.

BACKGROUND

Typically, an access point such as a gateway device may provide aplurality of service sets to a customer premise for the delivery ofwireless communications between the access point and one or more clientdevices or stations. Each respective one of the plurality of servicesets may be designated for use by a specific service and may beencrypted or unencrypted (e.g., private or public). When a privateservice set and a public service set are broadcast from an access point,a client device may potentially connect to the public service set ratherthan the private service set. However, a user may intend or a specificservice may require that communications be delivered between a clientdevice and access point through a private service set. Therefore, it isdesirable to improve upon methods, systems and apparatuses for managingconnections between one or more client devices and an access point overone or more service sets.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an example network environmentoperable to facilitate the management of connections between one or moreclient devices and an access point over one or more service sets.

FIG. 2 is a block diagram illustrating an example access point operableto facilitate the management of connections between one or more clientdevices and an access point over one or more service sets.

FIG. 3 is a flowchart illustrating an example process operable tofacilitate the management of connections between one or more clientdevices and an access point over one or more service sets.

FIG. 4 is a block diagram of a hardware configuration operable tofacilitate the management of connections between one or more clientdevices and an access point over one or more service sets.

Like reference numbers and designations in the various drawings indicatelike elements.

DETAILED DESCRIPTION

Methods, systems, and computer readable media are described herein formanaging connections between one or more client devices and an accesspoint over one or more service sets. In embodiments, an access point maymaintain a list of client devices that have successfully associated witha private service set broadcast from the access point, and when a clientdevice from the list attempts to connect to a public service setbroadcast from the access point, the access point may deny the clientdevice's attempt to connect to the public service set. Denying anattempt to connect to a public service set may provide a client devicewith more opportunities to connect to a private service set broadcastfrom a corresponding access point.

In embodiments, an access point may deny a predetermined number ofpublic service set connection attempts from a client device and/or maydeny public service set connection attempts from a client device for apredetermined period of time. After a predetermined number of attemptsor period of time, a client device attempt to join a public service setmay be allowed by a corresponding access point.

An embodiment of the invention described herein may include a methodcomprising: (a) receiving a request from a client device to join apublic service set, wherein the public service set is provided by anaccess point; (b) determining that the client device is associated witha private service set, wherein the association between the client deviceand the private service set is based upon a prior authentication betweenthe client device and the private service set; (c) determining whether acondition exists for allowing the client device to join the publicservice set; and (d) if the determination is made that no conditionexists for allowing the client device to join the public service set:(i) denying the client device request to join the public service set;and (ii) outputting a message to the client device informing the clientdevice of the denial of the request.

According to an embodiment of the invention, determining that the clientdevice is associated with a private service set comprises identifying amedia access control address associated with the client device in a listof media access control addresses associated with one or more devicesthat had previously been or that are currently associated with a privateservice set.

According to an embodiment of the invention, the request received fromthe client device to join the public service set comprises a subsequentattempt by the client device to join the public service set, and thecondition for allowing the client device to join the public service setcomprises the number of previous attempts by the client device to jointhe public service set being greater than a predetermined threshold.

According to an embodiment of the invention, the request received fromthe client device to join the public service set comprises a subsequentattempt by the client device to join the public service set, and thecondition for allowing the client device to join the public service setcomprises the passing of a predetermined duration of time between thetime of a first attempt by the client device to join the public serviceset and the time of the subsequent attempt by the client device to jointhe public service set.

According to an embodiment of the invention, if the determination ismade that a condition does exist for allowing the client device to jointhe public service set, the client device is allowed to join the publicservice set, and the client device is removed from a list of devicesthat have previously been or that are currently associated with aprivate service set.

According to an embodiment of the invention, the message informing theclient device of the denial of the request comprises an identificationof a frequency band to be probed by the client device for a privateservice set.

According to an embodiment of the invention, the message informing theclient device of the denial of the request comprises a private serviceset identifier to be used by the client device in an attempt to join anassociated private service set.

An embodiment of the invention described herein may include an apparatuscomprising: (a) an interface configured to be used to receive a requestfrom a client device to join a public service set; (b) one or moremodules configured to: (i) determine that the client device isassociated with a private service set, wherein the association betweenthe client device and the private service set is based upon a priorauthentication between the client device and the private service set;(ii) determine whether a condition exists for allowing the client deviceto join the public service set; and (iii) deny the client device requestto join the public service set if the determination is made that nocondition exists for allowing the client device to join the publicservice set; and (c) an interface configured to be used to output amessage to the client device informing the client device of the denialof the request if the determination is made that no condition exists forallowing the client device to join the public service set.

An embodiment of the invention described herein may include one or morenon-transitory computer readable media having instructions operable tocause one or more processors to perform the operations comprising: (a)receiving a request from a client device to join a public service set,wherein the public service set is provided by an access point; (b)determining that the client device is associated with a private serviceset, wherein the association between the client device and the privateservice set is based upon a prior authentication between the clientdevice and the private service set; (c) determining whether a conditionexists for allowing the client device to join the public service set;and (d) if the determination is made that no condition exists forallowing the client device to join the public service set: (i) denyingthe client device request to join the public service set; and (ii)outputting a message to the client device informing the client device ofthe denial of the request.

FIG. 1 is a block diagram illustrating an example network environment100 operable to facilitate the management of connections between one ormore client devices and an access point over one or more service sets.In embodiments, an access point 105 may route communications to and fromone or more client devices 110. For example, the one or more clientdevices 110 may be provisioned to receive video service(s), dataservice(s), and/or voice services through one or more access points 105.In embodiments, an access point 105 may include a gateway, a cablemodem, a wireless router including an embedded cable modem, a mobilehot-spot router, a multimedia over coaxial alliance (MoCA) node, awireless extender, and any other device that is operable to routecommunications to and from a client device 110.

In embodiments, client devices 110 may include a wide variety of devicessuch as televisions, mobile devices, tablets, set-top boxes, computers,and any other device that is capable of utilizing a video, data, ortelephony service. In embodiments, an access point 105 may provide oneor more service sets (e.g., public service set 115, private service set120), and the service sets may be identified using unique service setidentifiers (SSID). Service sets may be used for delivering trafficbetween a client device 110 and the access point 105, and each serviceset may be designated for a particular service (e.g., video, data,security, hotspot, etc.). In embodiments, the client devices 110 mayidentify a service set and may connect to a service set provided by theaccess point 105. Once connected to a service set, a client device 110may receive content and/or services from upstream networks or servers(e.g., wide area network (WAN) 125), and may communicate with otherclient devices 110 connected to the same service set. For example,communications between client devices 110 and one or more access points105 may include wireless communications (e.g., 802.11 packet exchanges).

In embodiments, an access point 105 may route communications betweenclient device(s) 110 and a wide area network (WAN) 125 via a subscribernetwork 130. The subscriber network 130 may include various networkssuch as coaxial cable, optical fiber, twisted pair network, wirelessnetworks including 4G and LTE, and others.

In embodiments, an access point 105 may maintain a list of known clientdevices 110. For example, the list of known client devices 110 mayinclude client devices 110 that have successfully connected to a privateservice set 120 provided by the access point 105. A private service set120 may include a service set that is password protected or that isotherwise encrypted. The access point 105 may identify and list knownclient devices 110 using media access control (MAC) addresses that areunique to the client devices 110. The known client device list may bestored at the access point 105 such that the list is maintained afterreboots and software upgrades.

In embodiments, when a client device 110 attempts to connect to a publicservice set 115 provided by an access point 105, the access point 105may identify the MAC address of the client device 110 and check whetherthe MAC address is in the list of known client devices 110 stored at theaccess point 105. For example, the MAC address of a client device 110may be identified from a wireless communication (e.g., 802.11 packet)received from the client device 110. When the MAC address of the clientdevice 110 is found in the list of known client devices 110, the accesspoint 105 may make the determination that the preferred service set forthe client device 110 is a private service set 120 and may deny theclient device's attempt to join the public service set 115.

In embodiments, the access point 105 may deny a known client device'sattempt to join the public service set 115 for a predetermined number oftimes and/or predetermined period of time. After the client device 110has attempted to connect to the public service set 115 for apredetermined number of times or a predetermined period of time, theaccess point 105 may allow the client device 110 to connect to thepublic service set 115. When a client device 110 on the known devicelist is allowed to join the public service set 115, the client device110 may be removed from the known device list until the client device110 later successfully connects to a private service set 120.

FIG. 2 is a block diagram illustrating an example access point 105operable to facilitate the management of connections between one or moreclient devices and an access point over one or more service sets. Theaccess point 105 may include a wireless interface 205, a known devicemodule 210, a known device data store 215, and a connection attemptmodule 220.

In embodiments, the access point 105 may route communications to andfrom client devices 110 through one or more service sets (e.g., privateservice set 120, public service set 115). For example, a client device110 may identify an available service set (e.g., through a SSIDassociated with a service set), and can attempt to join the identifiedservice set. It should be understood that communications exchangedbetween the access point 105 and client device 110 may include wirelesscommunications (e.g., 802.11 packet exchanges).

In embodiments, a wireless interface 205 may receive requests fromclient devices 110 to join a service set. When a client device 110successfully joins a private service set 120, a MAC address associatedwith the client device 110 may be added to a list of known clientdevices stored at the known device data store 215. In embodiments, thelist of known client devices is updated when a client device completelyauthenticates to an encrypted service set.

In embodiments, the known device module 210 may identify a MAC addressassociated with a client device 110 when the client device 110 attemptsto join a public service set 115. For example, the MAC address may beidentified from a wireless communication (e.g., 802.11 packet) receivedfrom the client device 110. The known device module 210 may search forthe identified MAC address in the list of known client devices. Theaccess point 105 may ignore or withhold a response to a request to joina public service set received from a client device that is known (e.g.,a client device included in the list of known client devices). Forexample, if the MAC address of a client device 110 is found within thelist of known devices, the access point 105 may deny the client device'srequest to join a public service set 115. If the MAC address is notfound in the list of known client devices, the client device 110 may beallowed to join the public service set 115.

In embodiments, a connection attempt module 220 may determine whether aclient device 110 listed in a known device list has met or exceeded apredetermined number of connection attempts or whether a predeterminedperiod of time has passed since the client device's first attempt tojoin the public service set 115. For example, a connection attempt count(e.g., a count of authentications tried to the public service set perMAC address) may be initiated when a client device 110 listed on theknown device list attempts to connect to a public service set 115, andthe count may be incremented each time the client device 110subsequently attempts to join the public service set 115. If theconnection attempt count for a requesting client device 110 is less thana predetermined threshold, the client device's attempt to join thepublic service set 115 may be denied. When the connection attempt countfor a particular client device 110 reaches or exceeds a predeterminedthreshold, the client device 110 may be allowed to join the publicservice set 115. In embodiments, a sliding deny period may be configuredsuch that the connection attempts of each MAC address is maintained overa predetermined period of time, and at the expiration of the slidingdeny period, the attempt count for a corresponding MAC address may bereset or decremented. It should be understood that an attempt count fora MAC address may be reset when the corresponding client devicesuccessfully joins a private service set.

In embodiments, when a client device 110 listed in the known device listattempts to join the public service set 115, a timer may be initiated.If, when the client device 110 makes a subsequent attempt to join thepublic service set 115, the timer has yet to expire or is otherwise lessthan a predetermined threshold, the client device's attempt to join thepublic service set 115 may be denied. If, when the client device 110makes a subsequent attempt to join the public service set 115, the timerhas expired or is otherwise greater than a predetermined threshold, theclient device's attempt to join the public service set 115 may beallowed.

When a known client device 110 makes an initial attempt to join a publicservice set 115, the time of the initial attempt may be logged (e.g., atthe known device data store), and when a subsequent attempt to join thepublic service set 115 is made by the known client device 110, theperiod of time between the initial attempt and the subsequent attemptmay be used to determine whether to allow the known client device 110 tojoin the public service set 115. For example, where the differencebetween the time of an initial attempt by the known client device 110 tojoin a public service set 115 and the subsequent attempt by the knownclient device 110 to join the public service set 115 is greater than athreshold period of time (e.g., thirty, sixty, ninety seconds, etc.),the access point 105 may allow the known client device 110 to join thepublic service set 115. A logged time of an initial attempt by a knownclient device 110 to join a public service set 115 may be reset ordeleted from an access point 105 (e.g., known device data store 215)after the passing of a predetermined duration of time (e.g., five, tenminutes, etc.).

In embodiments, when a client device 110 listed in the known device listis allowed to join the public service set 115, the client device 110 maybe removed from the known device list stored at the known device datastore 215. In embodiments, an operator may configure the deny period,the predetermined attempt threshold, and/or the list of known devices.

FIG. 3 is a flowchart illustrating an example process 300 operable tofacilitate the management of connections between one or more clientdevices and an access point over one or more service sets. Inembodiments, an access point 105 of FIG. 1 may manage connectionsbetween client devices (e.g., client devices 110 of FIG. 1) and servicesets offered by the access point 105. The process 300 may begin at 305,when a client device 110 request to join a public service set isreceived at an access point 105. For example, a client device 110request to join a public service set may include a probe request orauthentication request identifying a public SSID.

At 310, a determination may be made whether the client device 110requesting to join the public service set is a known device (e.g., adevice that has been previously connected to a private service set of anassociated access point). The determination whether the client device110 is a known device may be made, for example, by the known devicemodule 210 of FIG. 2. In embodiments, the known device module 210 cansearch for a MAC address associated with the requesting client device110 in a list of known devices (e.g., previously connected devices)stored at the known device data store 215 of FIG. 2. If the MAC addressof the client device 110 is not found in the list of known devices, thedetermination can be made that the client device 110 is not a knowndevice and the process may proceed to 315 where the client device 110may be allowed to join the public service set. For example, at 315, theaccess point 105 may allow the client device 110 to associate and/orauthenticate with the requested public service set.

If, at 310, the MAC address of the requesting client device 110 is foundin the list of known devices, the determination may be made that theclient device 110 is a known device and the process 300 may proceed to320. At 320, a count of the number of attempts the client device 110 hasmade to join the public service set may be incremented. In embodiments,a MAC address and attempt count associated with the known client device110 may be stored at the access point 105 (e.g., at known device datastore 215 of FIG. 2). Each time an attempt is made by the client device110 to join the public service set provided by the access point 105, theattempt count associated with the client device 110 may be incremented.

At 325, a determination may be made whether the client device 110 hasattempted to join the public service set a number of times that isgreater than a predetermined threshold. The determination may be made,for example, by the connection attempt module 220 of FIG. 2. Forexample, a count of the number of times a client device 110 attempts tojoin the public service set may be maintained. The attempt countassociated with a specific MAC address may be associated with a periodof time, such that the attempt count for the MAC address is reset aftera predetermined period of time.

If, at 325, the determination is made that the attempt count hasexceeded the predetermined threshold, the process 300 may proceed to330. At 330, the client device 110 may be allowed to join the requestedpublic service set. For example, the access point 105 may allow theclient device 110 to associate and/or authenticate with the requestedpublic service set.

At 335, the client device 110 may be conditionally removed from theknown device list. In embodiments, the MAC address and associatedattempt count of the client device 110 may be removed from the list ofknown devices stored at the known device data store 215 of FIG. 2. Forexample, the client device 110 may be removed from the known device listuntil the client device 110 is later associated and/or authenticatedwith a private service set provided by the access point 105.

Returning to 325, if the determination is made that the attempt counthas not exceeded the predetermined threshold, the process 300 mayproceed to 340. At 340, a determination may be made whether a denialperiod has expired. The determination may be made, for example, by theconnection attempt module 220 of FIG. 2. The denial period may be apredetermined amount of time for which to deny a client device's attemptto join a public service set after the client device's first attempt tojoin the public service set. If the denial period has expired, theprocess 300 may proceed to 330, where the client device 110 may beallowed to join the public service set, and the client device 110 may beconditionally removed from the known device list at 335.

If, at 340, the determination is made that the denial period has notexpired, the process 300 may proceed to 345. At 345, the client device'sattempt to join the public service set may be denied. In embodiments,the access point 105 may output an authentication response informing theclient device 110 that another network or service set is preferred forthe client device 110. For example, in response to an authenticationrequest received from the client device 110, the access point 105 mayoutput an authentication response including a status code indicatingthat another network or SSID is preferred for the client device 110. Inembodiments, the authentication response may inform the client device110 as to which specific network or SSID is preferred for the clientdevice 110. For example, the authentication response may include aspecific frequency band (e.g., 2.4 GHz, 5 GHz, etc.) and/or anidentification of the preferred SSID, and using the information includedwithin the authentication response, the client device 110 may attempt toassociate and/or authenticate with the preferred SSID. If the accesspoint 105 is configured not to broadcast SSIDs, a preferred SSID fieldwithin the authentication response may be left blank. In embodiments,the authentication response may inform the client device 110 to onlyprobe a frequency band defined in the authentication response.

FIG. 4 is a block diagram of a hardware configuration 400 operable tofacilitate the management of connections between one or more clientdevices and an access point over one or more service sets. It should beunderstood that the hardware configuration 400 can exist in varioustypes of devices. The hardware configuration 400 can include a processor410, a memory 420, a storage device 430, and an input/output device 440.Each of the components 410, 420, 430, and 440 can, for example, beinterconnected using a system bus 450. The processor 410 can be capableof processing instructions for execution within the hardwareconfiguration 400. In one implementation, the processor 410 can be asingle-threaded processor. In another implementation, the processor 410can be a multi-threaded processor. The processor 410 can be capable ofprocessing instructions stored in the memory 420 or on the storagedevice 430.

The memory 420 can store information within the hardware configuration400. In one implementation, the memory 420 can be a computer-readablemedium. In one implementation, the memory 420 can be a volatile memoryunit. In another implementation, the memory 420 can be a non-volatilememory unit.

In some implementations, the storage device 430 can be capable ofproviding mass storage for the hardware configuration 400. In oneimplementation, the storage device 430 can be a computer-readablemedium. In various different implementations, the storage device 430can, for example, include a hard disk device, an optical disk device,flash memory or some other large capacity storage device. In otherimplementations, the storage device 430 can be a device external to thehardware configuration 400.

The input/output device 440 provides input/output operations for thehardware configuration 400. In embodiments, the input/output device 440can include one or more of a network interface device (e.g., an Ethernetcard), a serial communication device (e.g., an RS-232 port), one or moreuniversal serial bus (USB) interfaces (e.g., a USB 2.0 port) and/or awireless interface device (e.g., an 802.11 card). In embodiments, theinput/output device can include driver devices configured to sendcommunications to, and receive communications from one or more networks(e.g., subscriber network 130 of FIG. 1, WAN 125 of FIG. 1, etc.) and/orone or more service sets (e.g., public service set 115, private serviceset 120, etc.).

Those skilled in the art will appreciate that the invention improvesupon methods and apparatuses for managing connections between one ormore client devices and an access point over one or more service sets.The methods, systems and apparatuses described in this disclosure enablethe denial of a client device attempt to join a public service set whenthe client device has been previously associated with a private serviceset, wherein the private service set and the public service set areassociated with the same access point. The methods, systems andapparatuses described in this disclosure increase the likelihood that aclient device will connect to a private service set.

The subject matter of this disclosure, and components thereof, can berealized by instructions that upon execution cause one or moreprocessing devices to carry out the processes and functions describedabove. Such instructions can, for example, comprise interpretedinstructions, such as script instructions, e.g., JavaScript orECMAScript instructions, or executable code, or other instructionsstored in a computer readable medium.

Implementations of the subject matter and the functional operationsdescribed in this specification can be provided in digital electroniccircuitry, or in computer software, firmware, or hardware, including thestructures disclosed in this specification and their structuralequivalents, or in combinations of one or more of them. Embodiments ofthe subject matter described in this specification can be implemented asone or more computer program products, i.e., one or more modules ofcomputer program instructions encoded on a tangible program carrier forexecution by, or to control the operation of, data processing apparatus.

A computer program (also known as a program, software, softwareapplication, script, or code) can be written in any form of programminglanguage, including compiled or interpreted languages, or declarative orprocedural languages, and it can be deployed in any form, including as astand-alone program or as a module, component, subroutine, or other unitsuitable for use in a computing environment. A computer program does notnecessarily correspond to a file in a file system. A program can bestored in a portion of a file that holds other programs or data (e.g.,one or more scripts stored in a markup language document), in a singlefile dedicated to the program in question, or in multiple coordinatedfiles (e.g., files that store one or more modules, sub programs, orportions of code). A computer program can be deployed to be executed onone computer or on multiple computers that are located at one site ordistributed across multiple sites and interconnected by a communicationnetwork.

The processes and logic flows described in this specification areperformed by one or more programmable processors executing one or morecomputer programs to perform functions by operating on input data andgenerating output thereby tying the process to a particular machine(e.g., a machine programmed to perform the processes described herein).The processes and logic flows can also be performed by, and apparatuscan also be implemented as, special purpose logic circuitry, e.g., anFPGA (field programmable gate array) or an ASIC (application specificintegrated circuit).

Computer readable media suitable for storing computer programinstructions and data include all forms of non-volatile memory, mediaand memory devices, including by way of example semiconductor memorydevices (e.g., EPROM, EEPROM, and flash memory devices); magnetic disks(e.g., internal hard disks or removable disks); magneto optical disks;and CD ROM and DVD ROM disks. The processor and the memory can besupplemented by, or incorporated in, special purpose logic circuitry.

While this specification contains many specific implementation details,these should not be construed as limitations on the scope of anyinvention or of what may be claimed, but rather as descriptions offeatures that may be specific to particular embodiments of particularinventions. Certain features that are described in this specification inthe context of separate embodiments can also be implemented incombination in a single embodiment. Conversely, various features thatare described in the context of a single embodiment can also beimplemented in multiple embodiments separately or in any suitablesubcombination. Moreover, although features may be described above asacting in certain combinations and even initially claimed as such, oneor more features from a claimed combination can in some cases be excisedfrom the combination, and the claimed combination may be directed to asubcombination or variation of a subcombination.

Similarly, while operations are depicted in the drawings in a particularorder, this should not be understood as requiring that such operationsbe performed in the particular order shown or in sequential order, orthat all illustrated operations be performed, to achieve desirableresults. In certain circumstances, multitasking and parallel processingmay be advantageous. Moreover, the separation of various systemcomponents in the embodiments described above should not be understoodas requiring such separation in all embodiments, and it should beunderstood that the described program components and systems cangenerally be integrated together in a single software product orpackaged into multiple software products.

Particular embodiments of the subject matter described in thisspecification have been described. Other embodiments are within thescope of the following claims. For example, the actions recited in theclaims can be performed in a different order and still achieve desirableresults, unless expressly noted otherwise. As one example, the processesdepicted in the accompanying figures do not necessarily require theparticular order shown, or sequential order, to achieve desirableresults. In some implementations, multitasking and parallel processingmay be advantageous.

We claim:
 1. A method comprising: receiving a request from a clientdevice to join a public service set, wherein the public service set isprovided by an access point; determining that the client device isassociated with a private service set, wherein the association betweenthe client device and the private service set is based upon a priorauthentication between the client device and the private service set;determining whether a condition exists for allowing the client device tojoin the public service set; and if the determination is made that nocondition exists for allowing the client device to join the publicservice set: denying the client device request to join the publicservice set; and outputting a message to the client device informing theclient device of the denial of the request; and if the determination ismade that a condition does exist for allowing the client device to jointhe public service set: allowing the client device to join the publicservice set; and removing the client device from a list of devices thathave previously been or that are currently associated with a privateservice set.
 2. The method of claim 1, wherein determining that theclient device is associated with a private service set comprisesidentifying a media access control address associated with the clientdevice in a list of media access control addresses associated with oneor more devices that had previously been or that are currentlyassociated with a private service set.
 3. The method of claim 1, whereinthe request received from the client device to join the public serviceset comprises a subsequent attempt by the client device to join thepublic service set, and wherein the condition for allowing the clientdevice to join the public service set comprises the number of previousattempts by the client device to join the public service set beinggreater than a predetermined threshold.
 4. The method of claim 1,wherein the request received from the client device to join the publicservice set comprises a subsequent attempt by the client device to jointhe public service set, and wherein the condition for allowing theclient device to join the public service set comprises the passing of apredetermined duration of time between the time of a first attempt bythe client device to join the public service set and the time of thesubsequent attempt by the client device to join the public service set.5. The method of claim 1, wherein the message informing the clientdevice of the denial of the request comprises an identification of afrequency band to be probed by the client device for a private serviceset.
 6. The method of claim 1, wherein the message informing the clientdevice of the denial of the request comprises a private service setidentifier to be used by the client device in an attempt to join anassociated private service set.
 7. An apparatus comprising: an interfaceconfigured to be used to receive a request from a client device to joina public service set; one or more modules configured to: determine thatthe client device is associated with a private service set, wherein theassociation between the client device and the private service set isbased upon a prior authentication between the client device and theprivate service set; determine whether a condition exists for allowingthe client device to join the public service set; and deny the clientdevice request to join the public service set if the determination ismade that no condition exists for allowing the client device to join thepublic service set; and an interface configured to be used to output amessage to the client device informing the client device of the denialof the request if the determination is made that no condition exists forallowing the client device to join the public service set, wherein themessage informing the client device of the denial of the requestcomprises an identification of a frequency band to be probed by theclient device for a private service set.
 8. The apparatus of claim 7,wherein it is determined that the client device is associated with aprivate service set by identifying a media access control addressassociated with the client device in a list of media access controladdresses associated with one or more devices that had previously beenor that are currently associated with a private service set.
 9. Theapparatus of claim 7, wherein the request received from the clientdevice to join the public service set comprises a subsequent attempt bythe client device to join the public service set, and wherein thecondition for allowing the client device to join the public service setcomprises the number of previous attempts by the client device to jointhe public service set being greater than a predetermined threshold. 10.The apparatus of claim 7, wherein the request received from the clientdevice to join the public service set comprises a subsequent attempt bythe client device to join the public service set, and wherein thecondition for allowing the client device to join the public service setcomprises the passing of a predetermined duration of time between thetime of a first attempt by the client device to join the public serviceset and the time of the subsequent attempt by the client device to jointhe public service set.
 11. The apparatus of claim 7, wherein themessage informing the client device of the denial of the requestcomprises a private service set identifier to be used by the clientdevice in an attempt to join an associated private service set.
 12. Oneor more non-transitory computer readable media having instructionsoperable to cause one or more processors to perform the operationscomprising: receiving a request from a client device to join a publicservice set, wherein the public service set is provided by an accesspoint; determining that the client device is associated with a privateservice set, wherein the association between the client device and theprivate service set is based upon a prior authentication between theclient device and the private service set; determining whether acondition exists for allowing the client device to join the publicservice set; and if the determination is made that no condition existsfor allowing the client device to join the public service set: denyingthe client device request to join the public service set; and outputtinga message to the client device informing the client device of the denialof the request, wherein the message informing the client device of thedenial of the request comprises a private service set identifier to beused by the client device in an attempt to join an associated privateservice set.
 13. The one or more non-transitory computer-readable mediaof claim 12, wherein determining that the client device is associatedwith a private service set comprises identifying a media access controladdress associated with the client device in a list of media accesscontrol addresses associated with one or more devices that hadpreviously been or that are currently associated with a private serviceset.
 14. The one or more non-transitory computer-readable media of claim12, wherein the request received from the client device to join thepublic service set comprises a subsequent attempt by the client deviceto join the public service set, and wherein the condition for allowingthe client device to join the public service set comprises the number ofprevious attempts by the client device to join the public service setbeing greater than a predetermined threshold.
 15. The one or morenon-transitory computer-readable media of claim 12, wherein the requestreceived from the client device to join the public service set comprisesa subsequent attempt by the client device to join the public serviceset, and wherein the condition for allowing the client device to jointhe public service set comprises the passing of a predetermined durationof time between the time of a first attempt by the client device to jointhe public service set and the time of the subsequent attempt by theclient device to join the public service set.
 16. The one or morenon-transitory computer-readable media of claim 12, wherein theinstructions are further operable to cause one or more processors toperform the operations comprising: if the determination is made that acondition does exist for allowing the client device to join the publicservice set: allowing the client device to join the public service set;and removing the client device from a list of devices that havepreviously been or that are currently associated with a private serviceset.
 17. The one or more non-transitory computer-readable media of claim12, wherein the message informing the client device of the denial of therequest comprises an identification of a frequency band to be probed bythe client device for a private service set.